
Thread: how did you get in here

  1. #21
    AntiOnline Senior Member souleman
    Join Date
    Oct 2001
    Location
    Flint, MI
    Posts
    2,884
    Why is it that when someone talks about getting hacked, everyone brings up spyware and says... download adaware. I will admit spyware is a pain in the ass, but it has NOTHING to do with this situation at all, so why does anyone even talk about it?

    What was the content of the email and how do you know it was sent? Was it in your outbox or did someone tell you? From the descriptions that you have told, it sounds more like a virus than anything else. The online virus scanners suck. They are great because they are always up to date, but because they are run remotely there are certain things they can't do. AVG is a good program (I have never had any problem with it) and it's free, so download it and run it. With a DSL connection you can even have it set to update weekly and not have to worry about it. Get it at www.grisoft.com
    "Ignorance is bliss....
    but only for your enemy"
    -- souleman

  2. #22
    Junior Member
    Join Date
    Sep 2003
    Posts
    2

    Ad-aware

    Maybe you should try the following procedure:

    First install the freeware "Ad-aware" antispy software from Lavasoft (Sweden) from: http://www.net-security.org/software.php?id=135;
    after installing, run the program and try to discover findings (at the end of the scan you have an option to identify the origin of spy programs: filename, then Google searching). You must have your firewall active while downloading and scanning.

    Best regards,

    Primoz

  3. #23
    Junior Member
    Join Date
    Jul 2003
    Posts
    22
    whyme961,

    I'm not that knowledgeable in computer security but I had arbitrary unwanted connections on a computer...took out iMesh and the unwanted traffic stopped.

  4. #24
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    I have to agree with jetherson: your email is easy to spoof to someone who's ignorant of such things, but the file deletion thing is something different.

    souleman, it's about time someone said that. This adware bullshit makes it hard for a newbie to find useful info when adware has nothing to do with the problem.

    The last time you patched was two weeks ago. This may have been just before MS included the RPC/DCOM patch. If you were running a properly configured firewall at the time it shouldn't matter... were you?

    Once a good hacker gets into your system it gets kinda tough to detect. Tools like netcat and radmin aren't detected as trojans or viruses because they're not, and the new root kits can be impossible to detect.

    The wisest thing for you to do is re-format and re-install (as has been stated already). Install the AV software, the firewall and all the patches before you do anything else. If you're looking for a learning experience instead and you have nothing on your machine that could hurt you, like credit card or other sensitive data, then we can start looking at some forensic tools... like the pstool kit and a bunch of others folks here can help you with. Decide what you want to do. Stop it or learn about it.

  5. #25
    Member
    Join Date
    Jun 2003
    Posts
    57
    whyme,

    These folks are right: the way to get rid of your problem for sure is to re-baseline. Format and re-install everything. Not a lot of fun but usually educational. For a software firewall most folks agree that Zone Alarm:

    http://www.zonelabs.com/store/conten...eeDownload.jsp

    is one of, if not the, best. For a hardware firewall the easiest way is to get one of these "Routers" from Best Buy or CompUSA etc. D-Link, Linksys, and Netgear all make easy to use, cheap 4 port home routers. They do NAT (Network Address Translation) on your IP address and offer a bit of protection from that. If your 'friend' doesn't know how to get around it, it will help; if you have a trojan or something that is calling out, it won't help.

    Another option: if you have an older computer lying around you can put 2 NICs in it and set up your own NAT box. Coyote Linux makes a firewall that boots up and runs from a floppy, and it can even be configured on a Windows box if you also download the wizard. That means there could be no hard drive to monkey around with on that particular box, just a floppy and some RAM!!!

    http://www.coyotelinux.com/modules.p...download&cid=1

    As already stated, AVG is really good for a virus scanner and keeps up to date and, best of all, free.

    If you want to know what's going on, try running TCPDump on your system and watch the traffic that is going out and coming in.

    http://winpcap.polito.it/install/default.htm#Developer

    Also you can try Ethereal. I haven't used it yet but I have seen folks here and elsewhere rave about it.

    http://www.ethereal.com/download.html

    Hope this helps
    "If you take a starving dog in off the street and make him prosperous he will not bite you, this is the principal difference between a dog and a man" - Mark Twain

  6. #26
    Junior Member
    Join Date
    Sep 2003
    Posts
    5
    I don't know about you. But I think in multiple levels. First is the ISP and what protection it provides, then Microswift and its redundant fixes to problems already exposed to the world and soon to be fixed.
    Then I rely on a router with security, a firewall (Zone Alarm in this instance) and then dump MACA whatever and get Norton Antivirus and set it up to update at least once a week.
    In the meantime spend a little time reading up on what is currently working its way through the internet. I subscribe to a number of enet sites just to keep up with who is doing what to whom. Gypsy

  7. #27
    Junior Member
    Join Date
    Sep 2003
    Posts
    1
    It's not that simple. If it is a customized trojan, you might not be able to detect it. Zone Alarm doesn't find everything; it's the same for antivirus. I suggest you search the mail you recently received and check any attachment you might have opened.

    Of course customized trojan means that the attacker knows you and your OS, antivirus, etc.

    You should have your computer checked by an expert.

  8. #28
    Junior Member
    Join Date
    Sep 2003
    Posts
    5

    No, it's not that simple. But it is the first steps everyone should take to ensure that they have at least the minimum security for their PC. I try to keep as up to date on anti virus and worm protection as the next guy. But even with everything set to the max there are no guarantees. That is why I am here. To know more about the loops things can slip through and how to prevent/attack them. Gypsy

  9. #29
    Senior Member nihil
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hi,

    Just had a further thought. You say you connect via "DSL"?... I would suggest that you cut your connection for a while then re-connect... this will force a new internet address (well it does with my ISP anyways) so if the attack is remote, you "just moved house".

    I must confess that the reason for my previous "rant" is that I think your attacker is closer than you think.

    It has happened to me, and I am sure to other AO members..............kinda leaves a nasty taste when you trust someone, let them use something of yours and they screw you?

    Do a Google search for CompuSec v4.15. It is free, and runs on 2K/XP. It puts a new password between the boot and OS load. If you do have an internal security problem, that will sort it.

    I am afraid that I have to stick with my original suggestion that if you have a major trojan problem you have to go back to square one and reinstall everything... you just do not know what might be there and these generic tools cannot be relied on 100%.


    You might also like to look for a product called "HijackThis"......it will show you what is running on your machine.............please be VERY CAREFUL...it shows everything, not bad guys only. I suggest this, because I do not think that the author of a custom trojan will have heard of it, so cannot have stealthed his software against it.

    Good Luck



  10. #30
    Junior Member
    Join Date
    Sep 2003
    Posts
    5

    Hi All,
    A friend of mine just let me know of a program called SNORT. This guy seems to be an internet sniffer that breaks down packets as they come in and lets you know who the sniffer is. If this is the case it may be worth a one time fee to install it on your PC. He swears by it, and I'll tell you I'm thinking about getting it. BUT as with everything else, 'Be wary of Greeks bearing gifts', meaning if it sounds too good to be true really check it out before downloading... Gypsy.
